Police in an unidentified European nation have retrieved wafer-thin ATM skimmers that are so small that they can be fitted inside the credit-card insertion slot. Brian Krebs describes the finding:
That’s according to two recent reports from the European ATM Security Team (EAST), an organization that collects ATM fraud reports from countries in the region. In both reports, EAST said one country (it isn’t naming which) alerted them about a new form of skimming device that is thin enough to be inserted directly into the card reader slot. These devices record the data stored on the magnetic stripe on the back of the card as it is slid into a compromised ATM.
Another EAST report released this week indicates that these insert skimmers are continuing to evolve. Below are two more such devices. Insert skimmers require some secondary component to record customers entering their PINs, such as a PIN pad overlay or hidden camera.
ATM Skimmers Get Wafer Thin
This video shows the process that a blind man goes through in using a particular ATM for the first time; the machine he selects is one that has a ton of assistive features that are aimed at making use easier for visually impaired people, but it's apparent that this guy -- blind film critic Tommy Edison -- has to go through a heroic effort to get through a technological ritual that most of us take for granted. I also felt for Edison in light of the advice to shield your PIN from potential hidden cameras, a task that seems to add transcendent difficulty to an already tricky task.
Blind Man vs. The ATM - Tommy Edison
Crooks who compromised Fidelity National Information Services's prepaid debit card database were able to draw out $13 million in one night, working with co-conspirators in several countries in one weekend night, after the banks had closed:
Apparently, the crooks were able to drastically increase or eliminate the withdrawal limits for 22 prepaid cards that they had obtained. The fraudsters then cloned the prepaid cards, and distributed them to co-conspirators in several major cities across Europe, Russia and Ukraine.
Coordinated ATM Heist Nets Thieves $13M
Sources say the thieves waited until the close of business in the United States on Saturday, March 5, 2011, to launch their attack. Working into Sunday evening, conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom used the cloned cards to withdraw cash from dozens of ATMs. Armed with unauthorized access to FIS’s card platform, the crooks were able to reload the cards remotely when the cash withdrawals brought their balances close to zero.
(Image: ATM in a cage, a Creative Commons Attribution Share-Alike (2.0) image from yuval_y's photostream)